JDK-8046295 : Support Trusted CA Indication extension
  • Type: Enhancement
  • Component: security-libs
  • Sub-Component: javax.net.ssl
  • Priority: P3
  • Status: Open
  • Resolution: Unresolved
  • Submitted: 2014-06-09
  • Updated: 2019-01-15
Version table: Other, tbd, Unresolved
Related Reports
Blocks :  
Description
Consider supporting the Trusted CA Indication extension per RFC 6066.
Comments
Martin posted the review request here: http://mail.openjdk.java.net/pipermail/security-dev/2017-June/015960.html
07-06-2017

Assigning to myself on behalf of mbalao@redhat.com, client side impl draft - http://people.redhat.com/mbalaoal/webrevs/jdk_8046295_trusted_ca/2017_05_30/webrev/
02-06-2017

Trusted CA Indication is a mandatory TLS extension of NIST SP 800-52 R1 (section 3.4.1 Mandatory TLS Extensions).

Section 3.4.1, NIST SP 800-52 R1:
-------------------------------------------------
The server shall support the following TLS extensions.
1. Renegotiation Indication
2. Certificate Status Request
3. Server Name Indication
4. Trusted CA Indication
...

3.4.1.4 Trusted CA Indication
The trusted CA indication (trusted_ca_keys) extension allows a client to specify which CA root keys it possesses. This is useful for sessions where the client is memory-constrained and possesses a small number of root CA keys. The server shall be able to process and respond to the trusted CA indication extension received in a ClientHello message as described in [RFC6066].
09-06-2014
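
Processing the extension on the server, as the NIST text quoted above requires, starts with decoding its body. The following is an added example (not code from the JDK or from the linked webrev) of a bounds-checked parser for the TrustedAuthorities structure of RFC 6066, section 6. The class name and the sample bytes are constructed for illustration.

```java
import java.nio.BufferUnderflowException;
import java.nio.ByteBuffer;
import java.util.ArrayList;
import java.util.HexFormat;
import java.util.List;

public class TrustedCaKeysParser {
    // IdentifierType values from RFC 6066, section 6.
    static final int PRE_AGREED = 0, KEY_SHA1_HASH = 1, X509_NAME = 2, CERT_SHA1_HASH = 3;

    record TrustedAuthority(int type, byte[] identifier) {}

    // Parses the extension_data of trusted_ca_keys and rejects malformed input.
    static List<TrustedAuthority> parse(byte[] extensionData) {
        ByteBuffer in = ByteBuffer.wrap(extensionData);
        List<TrustedAuthority> out = new ArrayList<>();
        try {
            int listLen = in.getShort() & 0xFFFF;   // trusted_authorities_list<0..2^16-1>
            if (listLen != in.remaining())
                throw new IllegalArgumentException("list length does not match extension length");
            while (in.hasRemaining()) {
                int type = in.get() & 0xFF;
                int len = switch (type) {
                    case PRE_AGREED -> 0;                        // empty struct
                    case KEY_SHA1_HASH, CERT_SHA1_HASH -> 20;    // SHA1Hash is opaque[20]
                    case X509_NAME -> in.getShort() & 0xFFFF;    // DistinguishedName<1..2^16-1>
                    // An unknown type has no known length, so parsing cannot continue.
                    default -> throw new IllegalArgumentException("unknown identifier type " + type);
                };
                if (type == X509_NAME && len == 0)
                    throw new IllegalArgumentException("empty DistinguishedName");
                byte[] id = new byte[len];
                in.get(id);   // throws BufferUnderflowException if the entry is truncated
                out.add(new TrustedAuthority(type, id));
            }
        } catch (BufferUnderflowException e) {
            throw new IllegalArgumentException("truncated trusted_ca_keys extension", e);
        }
        return out;
    }

    public static void main(String[] args) {
        // Constructed sample: one pre_agreed entry and one key_sha1_hash entry (hash bytes are made up).
        byte[] sample = HexFormat.of().parseHex(
            "0016" + "00" + "01" + "00112233445566778899aabbccddeeff00112233");
        for (TrustedAuthority ta : parse(sample))
            System.out.println(ta.type() + " " + HexFormat.of().formatHex(ta.identifier()));
    }
}
```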